Digital Guardian announced that it has released a new research report, The DG Data Trends Report, which assesses the risk of sensitive data loss during the COVID-19 crisis. The research is based on aggregated and anonymised data from nearly 200 customers of Digital Guardian’s Managed Security Program around the globe. It represents a wide range of organisation sizes and industries, including financial services, manufacturing, healthcare, and business services.
As they continue to work from home, employees from these companies regularly interact with regulated and structured data as well as unstructured intellectual property and trade secrets. The data set analysed was from January 1 – April 15, 2020 and comparative data was evaluated from January 1 – February 29, 2020 (before the global onset on COVID-19) vs. March 1 – April 15, 2020 (after the COVID-19 pandemic came to the forefront).
Sensitive data loss
This enabled Digital Guardian to compare data egress patterns before and after the work from home transition took place and gauge its impact on the risk of sensitive data loss, now and in the future.
Key Findings:
- There was a 123% increase in the volume of data downloaded to USB devices by employees after the pandemic declaration and working from home became widespread. 74% of that data had been classified by organisation data governance policies.
- Cloud storage and USB devices became the most preferred egress paths after the COVID-19 emergency declaration, accounting for 89% of all data egressed.
- Data egress via all paths (email, cloud, USB, etc.) was 80% higher in the first month following WHO’s COVID-19 pandemic declaration.
- More than 50% of the data egressed was classified.
- From March 11 - April 15, employees uploaded 336 TB of data to the cloud, a 72% increase from January and February combined.
- After the WHO’s declaration, Digital Guardian’s Managed Detection & Response analysts also saw a 62% increase in malicious activity from external attackers, a number that corresponded to a 54% increase in incident response investigations required.
USB device usage
Our research indicates remote employees are egressing classified data at unprecedented rates"
IT and security professionals should pay particular attention to the significant uptick in USB device usage as they inherently increase the risk of sensitive data loss due to their portability and likelihood of being misplaced, lost or stolen.
“Organisations have accepted that the economic and health effects of COVID-19 will be with them for the foreseeable future and working from home will remain a requirement for many of their employees,” said Tim Bandos, VP, Cybersecurity, Digital Guardian.
Data security enforcement
“Our research indicates remote employees are egressing classified data at unprecedented rates across all egress paths. Executives and security teams would be wise to consider implementing solutions that provide visibility into this behaviour, and a means to control it, in order to avoid a potential data breach.”
The DG Data Trends Report contains more in-depth information, including statistics on additional data egress channels and points of risk that were monitored, a primer on data security enforcement actions, examples of COVID-19 phishing attacks, as well as recommendations to protect remote workforces.